Canonicalization

Canonicalization mistakes are caused when your application makes a security decision based on a name (such as a filename, a directory name, or a URL) and more than one representation of the resource name exists, which can lead to the security check being...

Cross site scripting - XSS

Cross site scripting occurs when a web application gathers raw malicious data from a user. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in...

SQL Injection

SQL injection is a vulnerability in which user input is used to make an application run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises....

End to End Security testing

End-to-end security testing, also referred to as end-to-end security penetration testing, describes security testing with all the application components integrated together. Security penetration testing addresses how hackers would try to break into the...

Secure deployment testing

1. Verifying that the deployment process is functionally correct.
2. Making sure that the secure deployment documentation is correct and provides best security practices.
3. Validating the permissions...

Component Level Security Testing

Component level security testing, also referred to as feature area level security testing, describes security testing isolated by the feature area.

Threat Model: Test the threat model; each threat bug which is fixed must have...

What is security testing?

It is important to note that security testing is very different from functional testing. Functional testing determines whether a piece of software does what it is supposed to do. Security testing attempts to confirm that a piece of software does what...

Workload modeling in Performance testing

The process of identifying one or more composite application usage profiles for use in performance testing is known as “Workload Modeling”. Workload modeling can be accomplished in any number of ways, but to varying degrees the following activities are...

Performance testing Scenario

More often than not, I am pushed to the wall with this question on performance testing - “Our Website should support 2 million users in 1 hour time frame. The site admins want to test the site’s performance to ensure that it can sustain million users...

Perf Counters in Website load testing using VSTS 2008

1. Request - Avg Req/Sec. Desired value range: High. This is the average number of requests per second, which includes failed and passed requests, but not cached requests, because they are not issued to the web server. Please note that all HTTP requests,...

How to Estimate - 5

Example & Practice: There is really no simple way of coming up with an answer for this. But we know all the facets involved in the test cycle. There are fixed and some fluid variables that we need to identify. In addition, we also have to make assumptions...

How to estimate - 4

The real strategy in estimation would be:
1. Need to get the requirement, design specs as early as possible
2. Break down the tests into a skeleton as much as possible
3. Identify the variables – such as the builds, quality of code and severity – build...

How to Estimate - 3

Let’s now list the test tasks in general. Non Project Items: Training, Vacation, Sick Leaves, 1-1 meetings. Project Management/Administration: Review design specs, Review product requirements, Review functional...

How to Estimate - 2

Some parameters to consider before we jump and move on: Before giving estimates, we need to ask ourselves about the commitments and priorities on some test tasks which are repetitive by nature. These include the number of builds that we plan to test. Do we take...

How to Estimate - 1

While making an estimate for a test project can be a challenging task, there are ways to better measure and quantify the effort. If we can identify the variables in the estimate process and focus on the known factors in making estimates, we will be closer...

WCF Performance Counters



Copyright © 2025 T R I A G E D T E S T E R